Report #10963

  • Creation Date: Sept. 3, 2020, 1:35 p.m.
  • Last Update: Sept. 3, 2020, 1:40 p.m.
  • File: Dropper_dead4.exe
  • Results:
Binary
DLL
False cancel
Size
234.00KB
trid
72.3% Win64 Executable
11.8% Win32 Executable
5.3% OS/2 Executable
5.2% Generic Win/DOS Executable
5.2% DOS Executable Generic
type
PE
wordsize
32
Subsystem
Windows CLI
Hashes
md5
80c1085f9241d42757cb178b624eb009
sha1
3d7b1f878ac7048fb5c1a59e77c37c49f0a96ac1
crc32
0xb02297c6
sha224
a9925f3dfac1bbf79326d770300992bb222d730b39673f72425f51bc
sha256
835d79a31b02a9aa9eeedccd8015f1e9a18126fa33f741ebecc38387d9d47544
sha384
b08ffd5e809693ab3556088fadc556000c2487f45acf6ccd57d02b5c272bec4a8263891eacb8f2d327f6b2c06ded9173
sha512
ef3d3a1806d5ef84d58a4c5909d4e1374f4c2dfd81f452a92f00c10a2fdf74d45daaca9cc78d456b8faf11e99da11ebd001df6561c32fa1b9b5a19ae9acafa9d
ssdeep
6144:4zOvcVqlH+8oRDcf75tqB0ujlhfaR8sm:gAoq1WdwFEdjLaR8H
Community
Google
False cancel
HashLib
False cancel
YARA
Matches
VC8_Microsoft_Corporation, domain, anti_dbg, IP, contentis_base64, Microsoft_Visual_Cpp_8, win_registry, HasDebugData, IsConsole, IsPE32, HasRichSignature

Suspicious
True check_circle

Strings
List
C:\Users\Win\Documents\Visual Studio 2012\Projects\Dropper\Release\Dropper.pdb
System.IO
System.Security.Cryptography
98d30.png
98d30.png
COMCTL32.dll
MSVCR110.dll
WINMM.dll
@proc.exe
proc.exe
tFex256HtbePPBP.exe
tFex256HtbePPBP.exe
tFex256HtbePPBP.exe
2.0.0.0
}a%+o
milkTea
%elEP
System.Windows.Forms
mscoree.dll
get_Magenta
_crt_debugger_hook
QSystem.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
hSystem.Drawing.Bitmap, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3aPADPAD4m[
<requestedPrivileges>
lSystem.Resources.ResourceReader, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet
IsProcessorFeaturePresent
ResourceManager
IsDebuggerPresent
CreateProcessW
txtKillburnChoco
txtKillburnChoco
password
LoadResource
GetModuleHandleW
QueryPerformanceCounter
Binder
ComputeHash
%/#=
fprintf
HashAlgorithm
fopen
$9189263f-fcbd-42cb-929e-6a490a7d766e
<requestedExecutionLevel level='asInvoker' uiAccess='false' />
add_PrintPage
txtKillburnChoco_Click
ComponentResourceManager
set_StartPosition
MD5CryptoServiceProvider
E>7;H'X+POS
_CorExeMain
\\,WuTc80
%T*[pO6d!
+EhTP
Form1_Load
ec719.resources
ec719.resources
__crtTerminateProcess
button2_Click
button1_Click
button3_Click
set_Document
37S&G?I
timer1_Tick
set_AutoScaleMode
_commode
_initterm
get_Controls
set_ClientSize
get_ControlLightLight
get_ButtonFace
get_ControlDark
set_DisplayStyle
add_Tick
add_Load
get_Items
get_ASCII
set_Image
set_Location
txtLatte_Click
add_Click
txtCoffeCake_Click
set_FileName
get_FileName
set_AutoSize
set_TabIndex
get_NewLine
set_Icon
set_Size
set_Text
get_Text
set_Name
qinkL;tU
set_Font
set_ForeColor
set_BackColor
txtMocha_Click
set_Filter
txtValeCoffee_Click
get_Black

Foremost
Matches
0.exe, 234 KB, 63.png, 130 KB
Suspicious
True check_circle
Heuristics
IPs
hasIPs: False cancel
Allowed
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

URLs
Allowed
hasURLs: False cancel
Suspicious
hasAllowed: False cancel
hasSuspicious: False cancel

Files
Allowed: ADVAPI32.dll, SHELL32.dll, RPCRT4.dll, USER32.dll, MSVCR110.dll, mscoree.dll, COMCTL32.dll, ole32.dll, WINMM.dll, GDI32.dll, KERNEL32.dll
hasFiles: True check_circle
Suspicious
hasAllowed: True check_circle
hasSuspicious: False cancel

Binary
Sizes
RVA
RVA: 16
Suspicious: False cancel
Code
Size: 236032
Suspicious: False cancel
Image
Address: 4194304
Suspicious: False cancel
Stack
Stack: 4096
Suspicious: False cancel
Headers
Headers: 1024
Suspicious: False cancel
Suspicious: False cancel

Symbols
Number
Number: 0
Suspicious: True check_circle
Pointer
Pointer: 0
Suspicious: True check_circle
Directories
Number: 16
Suspicious: False cancel

Checksum
Value: 0
Suspicious: True check_circle

Sections
Allowed: .text, .rdata, .data, .rsrc, .reloc
Suspicious
hasAllowed: True check_circle
hasSections: True check_circle
hasSuspicious: False cancel

Versions
OS
Version: 6
Suspicious: False cancel
Image
Version: True check_circle
Suspicious: 6
Linker
Version: 11.0
Suspicious: False cancel
Subsystem
Version: 6.0
Suspicious: False cancel
Suspicious: False cancel

EntryPoint
Address: 5197
Suspicious: False cancel

Anomalies
Anomalies: The header checksum and the calculated checksum do not match.
hasAnomalies: True check_circle

Libraries
Allowed: advapi32.dll, shell32.dll, rpcrt4.dll, user32.dll, mscoree.dll, comctl32.dll, ole32.dll, winmm.dll, gdi32.dll, kernel32.dll
hasLibs: True check_circle
Suspicious: msvcr110.dll
hasAllowed: True check_circle
hasSuspicious: True check_circle

Timestamp
Past: False cancel
Valid: True check_circle
Value: 2020-09-03 13:29:42
Future: False cancel

Compilation
Packed: False cancel
Missing: False cancel
Packers
Compiled: True check_circle
Compilers: Microsoft Visual C++ 8, VC8 -> Microsoft Corporation

Obfuscation
XOR: False cancel
Fuzzing: True check_circle

PEDetector
Matches
7328
Suspicious
True check_circle
Disassembly
hasTricks
True check_circle
Tricks
pushret
.rsrc: 71
.text: 1

pushpopmath
.rsrc: 40

garbagebytes
.rsrc: 24
.text: 1

software breakpoint
.rsrc: 1

fakeconditionaljumps
.rsrc: 2

programcontrolflowchange
.rsrc: 22
.text: 1

cpuinstructionsresultscomparison
.rsrc: 2

AVclass
remcos
1
VirusTotal
md5
80c1085f9241d42757cb178b624eb009
sha1
3d7b1f878ac7048fb5c1a59e77c37c49f0a96ac1
SCANS (DETECTION RATE = 43.28%)
AVG
result: Win32:PWSX-gen [Trj]
update: 20200903
version: 18.4.3895.0
detected: True check_circle

CMC
update: 20200903
version: 2.7.2019.1
detected: False cancel

MAX
result: malware (ai score=81)
update: 20200903
version: 2019.9.16.1
detected: True check_circle

APEX
result: Malicious
update: 20200901
version: 6.66
detected: True check_circle

Bkav
update: 20200903
version: 1.3.0.9899
detected: False cancel

K7GW
update: 20200903
version: 11.133.35155
detected: False cancel

ALYac
update: 20200903
version: 1.1.1.5
detected: False cancel

Avira
result: TR/Kryptik.hvdkh
update: 20200903
version: 8.3.3.8
detected: True check_circle

Baidu
update: 20190318
version: 1.0.0.2
detected: False cancel

Cynet
update: 20200903
version: 4.0.0.24
detected: False cancel

Cyren
result: W32/MSIL_Kryptik.AQG.gen!Eldorado
update: 20200903
version: 6.3.0.2
detected: True check_circle

DrWeb
result: Trojan.Siggen9.44167
update: 20200903
version: 7.0.48.8080
detected: True check_circle

GData
result: Gen:Variant.Johnnie.272735
update: 20200903
version: A:25.26871B:27.20039
detected: True check_circle

Panda
update: 20200903
version: 4.6.4.2
detected: False cancel

VBA32
result: TScope.Trojan.MSIL
update: 20200903
version: 4.4.1
detected: True check_circle

VIPRE
update: 20200903
version: 86416
detected: False cancel

Zoner
update: 20200903
version: 0.0.0.0
detected: False cancel

ClamAV
result: Win.Packed.Remcos-8070789-0
update: 20200903
version: 0.102.4.0
detected: True check_circle

Comodo
update: 20200728
version: 32668
detected: False cancel

Ikarus
update: 20200903
version: 0.1.5.2
detected: False cancel

McAfee
result: GenericRXLE-RD!F5EFA81034D6
update: 20200903
version: 6.0.6.653
detected: True check_circle

Rising
update: 20200903
version: 25.0.0.26
detected: False cancel

Sophos
update: 20200903
version: 4.98.0
detected: False cancel

Yandex
update: 20200901
version: 5.5.2.24
detected: False cancel

Zillya
update: 20200903
version: 2.0.0.4168
detected: False cancel

Acronis
update: 20200806
version: 1.1.1.77
detected: False cancel

Alibaba
update: 20190527
version: 0.3.0.5
detected: False cancel

Arcabit
result: Trojan.Johnnie.D4295F
update: 20200903
version: 1.0.0.881
detected: True check_circle

Cylance
update: 20200903
version: 2.3.1.101
detected: False cancel

Elastic
result: malicious (high confidence)
update: 20200831
version: 4.0.8
detected: True check_circle

FireEye
result: Generic.mg.80c1085f9241d427
update: 20200903
version: 32.36.1.0
detected: True check_circle

Sangfor
update: 20200814
version: 1.0
detected: False cancel

TACHYON
update: 20200903
version: 2020-09-03.02
detected: False cancel

Tencent
update: 20200903
version: 1.0.0.1
detected: False cancel

ViRobot
update: 20200903
version: 2014.3.20.0
detected: False cancel

Webroot
update: 20200903
version: 1.0.0.403
detected: False cancel

Ad-Aware
result: Gen:Variant.Johnnie.272735
update: 20200903
version: 3.0.16.117
detected: True check_circle

AegisLab
update: 20200903
version: 4.2
detected: False cancel

F-Secure
result: Trojan.TR/Kryptik.hvdkh
update: 20200903
version: 12.0.86.52
detected: True check_circle

Fortinet
update: 20200903
version: 6.2.142.0
detected: False cancel

Invincea
update: 20200903
version: 1.0.1.0
detected: False cancel

Jiangmin
update: 20200903
version: 16.0.100
detected: False cancel

Kingsoft
update: 20200903
version: 2013.8.14.323
detected: False cancel

Paloalto
update: 20200903
version: 1.0
detected: False cancel

Symantec
update: 20200903
version: 1.12.0.0
detected: False cancel

AhnLab-V3
update: 20200903
version: 3.18.1.10026
detected: False cancel

Antiy-AVL
result: Trojan/Win32.Sonbokli
update: 20200903
version: 3.0.0.1
detected: True check_circle

Kaspersky
result: HEUR:Backdoor.MSIL.Remcos.gen
update: 20200903
version: 15.0.1.13
detected: True check_circle

MaxSecure
result: Win.MxResIcn.Heur.Gen
update: 20200902
version: 1.0.0.1
detected: True check_circle

Microsoft
result: Trojan:Win32/Wacatac.C!ml
update: 20200903
version: 1.1.17400.5
detected: True check_circle

Qihoo-360
result: HEUR/QVM41.1.AF1F.Malware.Gen
update: 20200903
version: 1.0.0.1120
detected: True check_circle

ZoneAlarm
result: HEUR:Backdoor.MSIL.Remcos.gen
update: 20200903
version: 1.0
detected: True check_circle

Cybereason
update: 20190616
version: 1.2.449
detected: False cancel

ESET-NOD32
result: a variant of MSIL/Kryptik.VSI
update: 20200903
version: 21929
detected: True check_circle

TrendMicro
result: TROJ_GEN.R002C0DG220
update: 20200903
version: 11.0.0.1006
detected: True check_circle

BitDefender
result: Gen:Variant.Johnnie.272735
update: 20200903
version: 7.2
detected: True check_circle

CrowdStrike
update: 20190702
version: 1.0
detected: False cancel

K7AntiVirus
update: 20200903
version: 11.133.35155
detected: False cancel

SentinelOne
update: 20200724
version: 4.4.0.0
detected: False cancel

Malwarebytes
result: Backdoor.Remcos
update: 20200903
version: 3.6.4.335
detected: True check_circle

TotalDefense
update: 20200902
version: 37.1.62.1
detected: False cancel

CAT-QuickHeal
update: 20200903
version: 14.00
detected: False cancel

NANO-Antivirus
result: Trojan.Win32.Remcos.hnkppj
update: 20200903
version: 1.0.134.25140
detected: True check_circle

BitDefenderTheta
result: Gen:NN.ZemsilF.34216.om1@ae5@0cg
update: 20200902
version: 7.2.37796.0
detected: True check_circle

MicroWorld-eScan
result: Gen:Variant.Johnnie.272735
update: 20200903
version: 14.0.409.0
detected: True check_circle

SUPERAntiSpyware
update: 20200828
version: 5.6.0.1032
detected: False cancel

TrendMicro-HouseCall
result: TROJ_GEN.R002C0DG220
update: 20200903
version: 10.0.0.1040
detected: True check_circle

total
67
sha256
835d79a31b02a9aa9eeedccd8015f1e9a18126fa33f741ebecc38387d9d47544
scan_id
835d79a31b02a9aa9eeedccd8015f1e9a18126fa33f741ebecc38387d9d47544-1599150940
resource
80c1085f9241d42757cb178b624eb009
positives
29
scan_date
2020-09-03 16:35:40
verbose_msg
Scan finished, information embedded
response_code
1
File
Trace
3/9/2020 - 12:45:42.606Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.606Read1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.606Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 12:45:42.606Open1480C:\malware.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 12:45:42.606Open1480C:\malware.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 12:45:42.606Open1480C:\malware.exeC:\Monitor
3/9/2020 - 12:45:42.606Unknown1480C:\malware.exeC:\Monitor
3/9/2020 - 12:45:42.606Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.606Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.606Open1480C:\malware.exeC:\
3/9/2020 - 12:45:42.606Unknown1480C:\malware.exeC:\
3/9/2020 - 12:45:42.606Open1480C:\malware.exeC:\Monitor
3/9/2020 - 12:45:42.606Unknown1480C:\malware.exeC:\Monitor
3/9/2020 - 12:45:42.606Open1480C:\malware.exeC:\Monitor
3/9/2020 - 12:45:42.606Unknown1480C:\malware.exeC:\Monitor
3/9/2020 - 12:45:42.606Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.606Read1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.606Open1480C:\malware.exeC:\Monitor\ui\SwDRM.dll
3/9/2020 - 12:45:42.622Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.622Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.622Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.622Open1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.622Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.622Unknown1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.622Read1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.622Read1480C:\malware.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.622Unknown1480C:\malware.exeC:\Windows
3/9/2020 - 12:45:42.622Unknown1480C:\malware.exeC:\Monitor
3/9/2020 - 12:45:42.622Unknown1480C:\malware.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pf
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64.dll
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:45:42.637Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 12:45:42.637Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:45:42.637Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:45:42.653Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.config
3/9/2020 - 12:45:42.653Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.653Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.653Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.653Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 12:45:42.653Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 12:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 12:45:42.653Unknown1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 12:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 12:45:42.653Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 12:45:42.668Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 12:45:42.684Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 12:45:42.684Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:45:42.684Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:45:42.684Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:45:42.684Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 12:45:42.684Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 12:45:42.684Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 12:45:42.684Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 12:45:42.684Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 12:45:42.684Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:45:42.684Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:45:42.684Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:45:42.684Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:45:44.793Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 12:45:44.840Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:45:44.840Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:45:44.840Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:45:44.840Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:45:44.840Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:45:44.840Read1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:45:44.840Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.config
3/9/2020 - 12:45:44.840Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
3/9/2020 - 12:45:44.840Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
3/9/2020 - 12:45:44.840Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
3/9/2020 - 12:45:44.840Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
3/9/2020 - 12:45:44.840Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
3/9/2020 - 12:45:44.856Open1488C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 12:45:44.856Unknown1488C:\Monitor\proc.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 12:45:44.856Open1488C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:45:44.856Open1488C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:45:44.856Unknown1488C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:45:44.856Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 12:45:44.856Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 12:45:44.856Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 12:45:44.856Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
3/9/2020 - 12:45:44.856Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
3/9/2020 - 12:45:44.950Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
3/9/2020 - 12:45:44.950Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 12:45:44.950Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Open1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:44.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:51.122Open1488C:\Monitor\proc.exeC:\Windows\Globalization\pt-br.nlp
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:51.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:51.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:52.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:52.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:52.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:52.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:52.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:52.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:52.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:52.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:52.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:52.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:52.543Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:52.590Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:52.637Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:45:52.684Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:52.731Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:52.778Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:52.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:52.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:45:52.918Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:52.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.12Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.59Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.106Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.153Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.200Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.247Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.293Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.340Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.387Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.434Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.481Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.528Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.575Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.622Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.668Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:53.715Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 12:45:53.715Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 12:45:53.856Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 12:45:53.856Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 12:45:53.903Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:53.903Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 12:45:53.903Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:53.950Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:53.997Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.43Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.90Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.137Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.184Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.231Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.278Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 12:45:54.278Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 12:45:54.278Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.325Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.372Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.418Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.465Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 12:45:54.465Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 12:45:54.465Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.465Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 12:45:54.465Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.465Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.465Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.512Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
3/9/2020 - 12:45:54.512Open1488C:\Monitor\proc.exeC:\Monitor\VERSION.dll
3/9/2020 - 12:45:54.512Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 12:45:54.512Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 12:45:54.512Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 12:45:54.512Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.559Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 12:45:54.559Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.559Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:45:54.606Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:54.653Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:54.700Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:54.747Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:54.793Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:54.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:54.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:54.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:54.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:55.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:55.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:55.122Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:55.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:55.215Unknown1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 12:45:55.215Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
3/9/2020 - 12:45:55.215Open1488C:\Monitor\proc.exeC:\Monitor\bcrypt.dll
3/9/2020 - 12:45:55.215Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 12:45:55.215Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 12:45:58.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:58.856Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:45:58.856Open1488C:\Monitor\proc.exeC:\Monitor\CRYPTSP.dll
3/9/2020 - 12:45:58.856Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 12:45:58.856Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 12:45:58.856Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 12:45:58.887 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
3/9/2020 - 12:45:58.887 | Read | 1488 | C:\Monitor\proc.exe | C:\Monitor\proc.exe
3/9/2020 - 12:45:59.465 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll
3/9/2020 - 12:45:59.465 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\proc.exe.Local
3/9/2020 - 12:45:59.465 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 12:45:59.465 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 12:45:59.465 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 12:45:59.465 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 12:45:59.512 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be\GdiPlus.dll
3/9/2020 - 12:45:59.512 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll | System.Drawing.ni.dll
3/9/2020 - 12:45:59.512 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\WindowsCodecs.dll
3/9/2020 - 12:45:59.512 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 12:45:59.512 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\WindowsCodecs.dll | WindowsCodecs.dll
3/9/2020 - 12:45:59.512 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\WindowsCodecs.dll
3/9/2020 - 12:45:59.512 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\WindowsCodecs.dll | WindowsCodecs.dll
3/9/2020 - 12:45:59.512 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
3/9/2020 - 12:45:59.512 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll | System.Drawing.ni.dll
3/9/2020 - 12:45:59.512 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
3/9/2020 - 12:45:59.606 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll | Microsoft.VisualBasic.dll
3/9/2020 - 12:46:1.12 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll | System.Windows.Forms.ni.dll
3/9/2020 - 12:46:1.59 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll | System.ni.dll
3/9/2020 - 12:46:1.106 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll | System.ni.dll
3/9/2020 - 12:46:2.137 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 12:46:2.137 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
3/9/2020 - 12:46:2.278 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
3/9/2020 - 12:46:2.512 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\proc.exe.config
3/9/2020 - 12:46:2.512 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\pt-BR\ReZer0V2.resources.dll
3/9/2020 - 12:46:2.512 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\pt-BR\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 12:46:2.512 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\pt-BR\ReZer0V2.resources.exe
3/9/2020 - 12:46:2.512 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\pt-BR\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 12:46:2.559 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 12:46:2.559 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 12:46:2.747 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
3/9/2020 - 12:46:2.747 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\proc.exe.Local
3/9/2020 - 12:46:2.747 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:2.747 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:2.747 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:2.747 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:2.747 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 12:46:2.747 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 12:46:2.747 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR\mscorrc.dll
3/9/2020 - 12:46:2.762 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\Globalization\pt.nlp
3/9/2020 - 12:46:2.762 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\pt\ReZer0V2.resources.dll
3/9/2020 - 12:46:2.762 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\pt\ReZer0V2.resources\ReZer0V2.resources.dll
3/9/2020 - 12:46:2.762 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\pt\ReZer0V2.resources.exe
3/9/2020 - 12:46:2.762 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\pt\ReZer0V2.resources\ReZer0V2.resources.exe
3/9/2020 - 12:46:2.762 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll | Microsoft.VisualBasic.dll
3/9/2020 - 12:46:2.762 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll | Microsoft.VisualBasic.dll
3/9/2020 - 12:46:2.778 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll | System.Windows.Forms.ni.dll
3/9/2020 - 12:46:2.778 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll | System.Windows.Forms.ni.dll
3/9/2020 - 12:46:2.778 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll | System.ni.dll
3/9/2020 - 12:46:2.778 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll | System.ni.dll
3/9/2020 - 12:46:2.778 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll | System.ni.dll
3/9/2020 - 12:46:2.778 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll | System.ni.dll
3/9/2020 - 12:46:2.778 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\Globalization\en-us.nlp
3/9/2020 - 12:46:2.778 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll | mscorlib.ni.dll
3/9/2020 - 12:46:2.793 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\GAC_32\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 12:46:2.793 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 12:46:2.793 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 12:46:2.793 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 12:46:2.793 | Unknown | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | mscorlib.resources.dll
3/9/2020 - 12:46:2.793 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll
3/9/2020 - 12:46:2.793 | Read | 1488 | C:\Monitor\proc.exe | C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089\mscorlib.resources.dll | mscorlib.resources.dll
3/9/2020 - 12:46:12.809 | Open | 1488 | C:\Monitor\proc.exe | C:\Monitor\shfolder.dll
3/9/2020 - 12:46:12.809 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\shfolder.dll
3/9/2020 - 12:46:12.809 | Open | 1488 | C:\Monitor\proc.exe | C:\Windows\SysWOW64\shfolder.dll
3/9/2020 - 12:46:13.43 | Open | 1488 | C:\Monitor\proc.exe | C:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 12:46:13.840Open1488C:\Monitor\proc.exeC:\Monitor\ntmarta.dll
3/9/2020 - 12:46:13.840Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ntmarta.dll
3/9/2020 - 12:46:13.840Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ntmarta.dll
3/9/2020 - 12:46:13.840Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 12:46:13.840Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 12:46:13.840Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:13.887Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:13.934Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:13.981Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:46:14.28Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:14.75Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:46:14.122Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:46:14.122Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:46:14.122Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:46:14.122Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 12:46:14.122Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 12:46:14.122Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 12:46:14.122Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:46:14.122Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 12:46:14.122Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 12:46:14.122Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:46:14.122Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:46:14.122Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 12:46:14.122Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 12:46:14.122Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 12:46:14.168Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 12:46:14.168Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 12:46:14.168Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 12:46:14.168Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:14.215Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:14.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:14.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:14.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:14.403Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:14.497Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 12:46:14.497Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 12:46:14.497Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 12:46:14.497Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\qYwLHUWK.exe
3/9/2020 - 12:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.497Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.512Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 12:46:14.512Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 12:46:14.512Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp7CBE.tmp
3/9/2020 - 12:46:14.512Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp7CBE.tmp
3/9/2020 - 12:46:14.512Write1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp7CBE.tmp
3/9/2020 - 12:46:14.512Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp7CBE.tmp
3/9/2020 - 12:46:14.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.512Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.512Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\shell32.dll
3/9/2020 - 12:46:14.528Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 12:46:14.528Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 12:46:14.528Open1488C:\Monitor\proc.exeC:\Monitor\PROPSYS.dll
3/9/2020 - 12:46:14.528Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 12:46:14.528Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 12:46:14.528Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 12:46:14.528Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 12:46:14.528Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 12:46:14.528Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 12:46:14.528Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 12:46:14.528Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 12:46:14.528Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll
3/9/2020 - 12:46:14.528Open1488C:\Monitor\proc.exeC:\Windows\WindowsShell.Manifest
3/9/2020 - 12:46:14.528Unknown1488C:\Monitor\proc.exeC:\Windows\WindowsShell.ManifestWindowsShell.Manifest
3/9/2020 - 12:46:14.528Open1488C:\Monitor\proc.exeC:\Monitor\apphelp.dll
3/9/2020 - 12:46:14.528Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 12:46:14.528Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 12:46:14.543Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 12:46:14.543Open1488C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 12:46:14.543Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.543Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.543Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 12:46:14.543Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:14.543Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:14.543Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:46:14.543Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:46:14.543Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.543Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.543Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.543Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.543Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 12:46:14.543Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 12:46:14.543Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 12:46:14.543Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 12:46:14.559Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 12:46:14.559Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 12:46:14.559Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 12:46:14.559Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 12:46:14.559Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 12:46:14.559Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 12:46:14.559Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 12:46:14.575Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 12:46:14.575Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 12:46:14.575Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 12:46:14.575Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dllapi-ms-win-downlevel-shell32-l1-1-0.dll
3/9/2020 - 12:46:14.575Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ieframe.dll
3/9/2020 - 12:46:14.575Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe.Local
3/9/2020 - 12:46:14.575Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 12:46:14.575Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 12:46:14.575Open1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 12:46:14.575Open1488C:\Monitor\proc.exeC:\Monitor\schtasks.exe
3/9/2020 - 12:46:14.575Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:14.590Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:46:14.590Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.590Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\cversions.1.db
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000000.db
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 12:46:14.590Read1488C:\Monitor\proc.exeC:\Users\Behemot\Desktop\desktop.ini
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\propsys.dll
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\Windows\System32\propsys.dll
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 12:46:14.590Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\urlmon.dll
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\Monitor\Secur32.dll
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 12:46:14.606Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:14.606Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:46:14.606Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.606Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.606Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:46:14.606Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe:Zone.Identifier
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 12:46:14.606Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 12:46:14.606Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:14.809Open1488C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 12:46:14.809Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.809Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.809Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:14.809Open1488C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:14.809Unknown1488C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:14.809Open1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:46:14.809Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:46:14.809Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.809Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.809Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.809Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:14.809Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:14.809Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:14.809Read1488C:\Monitor\proc.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:14.809Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 12:46:14.809Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:14.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:14.872Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\Prefetch\SCHTASKS.EXE-AD598958.pf
3/9/2020 - 12:46:14.872Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 12:46:14.872Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 12:46:14.872Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64.dll
3/9/2020 - 12:46:14.872Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 12:46:14.872Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 12:46:14.872Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 12:46:14.872Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 12:46:14.872Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 12:46:14.872Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 12:46:14.872Unknown532C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 12:46:14.872Open532C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 12:46:14.950Open1488C:\Monitor\proc.exeC:\Monitor\RpcRtRemote.dll
3/9/2020 - 12:46:14.950Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/9/2020 - 12:46:14.950Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/9/2020 - 12:46:14.950Open1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dll
3/9/2020 - 12:46:14.950Unknown1488C:\Monitor\proc.exeC:\Windows\SysWOW64\RpcRtRemote.dllRpcRtRemote.dll
3/9/2020 - 12:46:15.106Read532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:15.106Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 12:46:15.106Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 12:46:15.106Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 12:46:15.106Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 12:46:15.106Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:15.106Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:15.106Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:15.106Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:15.106Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:15.106Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:15.106Read532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:15.168Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 12:46:15.168Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 12:46:15.168Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:15.168Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:15.168Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 12:46:15.168Unknown532C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 12:46:15.168Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:15.168Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:15.168Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 12:46:15.168Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 12:46:15.168Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 12:46:15.168Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 12:46:15.356Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 12:46:15.356Open532C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 12:46:15.450Open532C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp7CBE.tmp
3/9/2020 - 12:46:15.450Read532C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp7CBE.tmp
3/9/2020 - 12:46:15.450Read532C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp7CBE.tmp
3/9/2020 - 12:46:15.450Unknown532C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmp7CBE.tmp
3/9/2020 - 12:46:16.762Unknown532C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 12:46:16.762Unknown532C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 12:46:16.825Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp7CBE.tmp
3/9/2020 - 12:46:16.825Open1488C:\Monitor\proc.exeC:\Monitor\Files\DeletedFiles
3/9/2020 - 12:46:16.825Delete1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp7CBE.tmp
3/9/2020 - 12:46:16.825Unknown1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\tmp7CBE.tmp
3/9/2020 - 12:46:16.825Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:16.872Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:16.918Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:46:16.918Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:46:16.918Open1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:46:16.918Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:46:16.918Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:46:16.918Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:46:16.918Read1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:46:16.918Unknown1488C:\Monitor\proc.exeC:\Monitor\proc.exe
3/9/2020 - 12:46:16.965Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:16.965Open972C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pf
3/9/2020 - 12:46:16.965Read972C:\Monitor\proc.exeC:\Windows\Prefetch\PROC.EXE-5509F567.pfPROC.EXE-5509F567.pf
3/9/2020 - 12:46:16.965Open972C:\Monitor\proc.exe\Device\HarddiskVolume2
3/9/2020 - 12:46:16.965Open972C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 12:46:16.965Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:16.965Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:16.965Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:16.965Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:16.965Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft
3/9/2020 - 12:46:16.965Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows
3/9/2020 - 12:46:16.965Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History
3/9/2020 - 12:46:16.965Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5
3/9/2020 - 12:46:16.965Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018050320180504
3/9/2020 - 12:46:16.965Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 12:46:16.965Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
3/9/2020 - 12:46:16.965Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
3/9/2020 - 12:46:16.965Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RCRTXD2
3/9/2020 - 12:46:17.184Open972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.184Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.184Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.184Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.184Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.184Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.184Open972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.184Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.184Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.184Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.184Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users\Behemot\Contacts\desktop.ini
3/9/2020 - 12:46:17.200Read972C:\Monitor\proc.exeC:\Users\Behemot\Contacts\desktop.ini
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users\Behemot\Favorites\desktop.ini
3/9/2020 - 12:46:17.200Read972C:\Monitor\proc.exeC:\Users\Behemot\Favorites\desktop.ini
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users\Behemot\Music\desktop.ini
3/9/2020 - 12:46:17.200Read972C:\Monitor\proc.exeC:\Users\Behemot\Music\desktop.ini
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users\Behemot\Downloads\desktop.ini
3/9/2020 - 12:46:17.200Read972C:\Monitor\proc.exeC:\Users\Behemot\Downloads\desktop.ini
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users\Behemot\Documents\desktop.ini
3/9/2020 - 12:46:17.200Read972C:\Monitor\proc.exeC:\Users\Behemot\Documents\desktop.ini
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users\Behemot\Links\desktop.ini
3/9/2020 - 12:46:17.200Read972C:\Monitor\proc.exeC:\Users\Behemot\Links\desktop.ini
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Users\Behemot\Saved Games\desktop.ini
3/9/2020 - 12:46:17.200Read972C:\Monitor\proc.exeC:\Users\Behemot\Saved Games\desktop.ini
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Monitor\apphelp.dll
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\apphelp.dll
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:17.200Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 12:46:17.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:17.262Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:17.200Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 12:46:17.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:17.309Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:17.356Open1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
3/9/2020 - 12:46:17.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:17.356Read1488C:\Monitor\proc.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:46:17.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:46:17.450Read1488C:\Monitor\proc.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:46:17.450Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.1488.1116375
3/9/2020 - 12:46:17.450Open1488C:\Monitor\proc.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.1488.1116375
3/9/2020 - 12:46:17.450Open1488C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch.1488.1116390
3/9/2020 - 12:46:17.450Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 12:46:17.450Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 12:46:17.450Read1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 12:46:17.450Read1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 12:46:17.450Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 12:46:17.450Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 12:46:17.450Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 12:46:17.450Read972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 12:46:17.450Read972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 12:46:17.465Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 12:46:17.465Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 12:46:17.465Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shdocvw.dll
3/9/2020 - 12:46:17.465Unknown1488C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:46:17.465Unknown1488C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 12:46:17.465Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:17.465Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:17.465Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 12:46:17.465Unknown1488C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.481Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.481Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.481Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Monitor\Secur32.dll
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\secur32.dll
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 12:46:17.481Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 12:46:17.481Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Roaming\Microsoft\Windows\Cookies
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.481Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.481Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.481Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.481Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:17.481Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:17.481Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 12:46:17.481Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.481Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 12:46:17.481Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:17.481Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:17.481Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:17.481Open972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.497Unknown972C:\Monitor\proc.exeC:\Users\Behemot
3/9/2020 - 12:46:17.497Open972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.497Unknown972C:\Monitor\proc.exeC:\Users
3/9/2020 - 12:46:17.497Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.497Open972C:\Monitor\proc.exeC:\Monitor\api-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 12:46:17.497Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 12:46:17.497Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 12:46:17.497Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 12:46:17.497Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dllapi-ms-win-downlevel-advapi32-l2-1-0.dll
3/9/2020 - 12:46:17.559Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.559Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.559Unknown972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs:Zone.Identifier
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.559Read972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.559Read972C:\Monitor\proc.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 12:46:17.559Unknown972C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\Windows\AppPatch\sysmain.sdb
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:17.559Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.559Unknown972C:\Monitor\proc.exeC:\
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:46:17.559Unknown972C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:17.559Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:17.559Unknown972C:\Monitor\proc.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:17.559Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.559Read972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.559Read972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.575Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\ui\SwDRM.dll
3/9/2020 - 12:46:17.575Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.575Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.575Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.575Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\en\WScript.exe.mui
3/9/2020 - 12:46:17.575Open972C:\Monitor\proc.exeC:\Windows\System32\en\WScript.exe.mui
3/9/2020 - 12:46:17.575Open972C:\Monitor\proc.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.590Unknown972C:\Monitor\proc.exeC:\Windows
3/9/2020 - 12:46:17.590Unknown972C:\Monitor\proc.exeC:\Monitor
3/9/2020 - 12:46:17.590Unknown972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 12:46:17.590Unknown972C:\Monitor\proc.exeC:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d
3/9/2020 - 12:46:17.637Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\Prefetch\WSCRIPT.EXE-9093C9D0.pf
3/9/2020 - 12:46:17.637Open308C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 12:46:17.637Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 12:46:17.731Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Monitor
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 12:46:17.731Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 12:46:17.934Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 12:46:17.934Unknown308C:\Windows\SysWOW64\wscript.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Read308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.934Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sxs.dll
3/9/2020 - 12:46:17.934Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\sxs.dll
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\dwmapi.dll
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\dwmapi.dll
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\vbscript.dll
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\vbscript.dll
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.981Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.981Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.981Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.981Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 12:46:17.981Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 12:46:17.981Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 12:46:17.981Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 12:46:17.981Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:17.981Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:17.981Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:17.981Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:17.981Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:17.981Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp\install.vbs
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:17.997Unknown308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local
3/9/2020 - 12:46:17.997Open308C:\Windows\SysWOW64\wscript.exeC:\Users\Behemot\AppData\Local\Temp
3/9/2020 - 12:46:19.872Unknown948C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:19.872Open948C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:19.872Unknown948C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:19.872Unknown948C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:19.872Read948C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:19.872Read948C:\Windows\SysWOW64\cmd.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pf
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64log.dll
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 12:46:19.934Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\MSCOREE.DLL.local
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 12:46:19.934Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\Upgrades.2.0.50727
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:19.934Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:20.12Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:20.12Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 12:46:20.12Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 12:46:20.12Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:20.12Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 12:46:20.12Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 12:46:20.12Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 12:46:20.12Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 12:46:20.12Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 12:46:20.12Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:20.12Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 12:46:20.12Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:46:20.12Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:46:20.12Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:46:20.12Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:46:20.12Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\fusion.localgac
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
3/9/2020 - 12:46:20.12Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 12:46:20.12Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 12:46:20.28Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 12:46:20.28Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\index164.dat
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 12:46:20.28Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
3/9/2020 - 12:46:20.28Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dllmscorlib.ni.dll
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 12:46:20.28Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:20.28Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 12:46:20.28Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 12:46:20.28Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 12:46:20.28Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:20.28Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 12:46:20.28Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 12:46:20.28Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:20.28Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\ole32.dll
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 12:46:20.28Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\l_intl.nls
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 12:46:20.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Microsoft\Windows\Temporary Internet Files
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.config
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:20.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 12:46:20.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:20.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe.Local
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:20.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\pubpol4.dat
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC\PublisherPolicy.tme
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 12:46:20.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 12:46:20.90Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:46:20.90Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:46:20.90Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:46:20.90Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:46:20.90Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:46:20.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 12:46:20.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dll
3/9/2020 - 12:46:20.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1\System.ni.dllSystem.ni.dll
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 12:46:20.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dll
3/9/2020 - 12:46:20.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d\System.Drawing.ni.dllSystem.Drawing.ni.dll
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 12:46:20.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dll
3/9/2020 - 12:46:20.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f\System.Windows.Forms.ni.dllSystem.Windows.Forms.ni.dll
3/9/2020 - 12:46:20.90Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 12:46:20.90Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 12:46:20.106Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 12:46:20.106Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089
3/9/2020 - 12:46:20.106Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 12:46:20.106Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 12:46:20.106Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\uxtheme.dll
3/9/2020 - 12:46:20.106Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
3/9/2020 - 12:46:20.106Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dllSystem.Windows.Forms.dll
3/9/2020 - 12:46:20.106Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\pt-br.nlp
3/9/2020 - 12:46:20.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 12:46:20.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 12:46:20.184Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 12:46:20.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 12:46:20.184Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:46:20.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 12:46:20.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 12:46:20.184Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 12:46:20.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 12:46:20.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 12:46:20.184Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:46:20.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 12:46:20.184Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:46:20.184Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:46:20.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\VERSION.dll
3/9/2020 - 12:46:20.184Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\VERSION.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 12:46:20.200Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
3/9/2020 - 12:46:20.200Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dllMicrosoft.VisualBasic.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\bcrypt.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\bcrypt.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\bcrypt.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\CRYPTSP.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptsp.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 12:46:20.200Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rsaenh.dll
3/9/2020 - 12:46:30.809Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 12:46:30.809Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 12:46:30.809Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 12:46:30.809Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\ktmw32.dll
3/9/2020 - 12:46:30.809Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:30.809Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:30.809Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:30.809Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:30.809Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:30.809Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:30.825Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 12:46:30.825Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\version.dll
3/9/2020 - 12:46:30.825Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:30.825Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:30.825Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 12:46:30.825Unknown1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 12:46:30.825Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:30.825Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:30.825Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 12:46:30.825Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\rpcss.dll
3/9/2020 - 12:46:30.825Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 12:46:30.825Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\uxtheme.dll
3/9/2020 - 12:46:31.12Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 12:46:31.12Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\taskschd.dll
3/9/2020 - 12:46:31.59Open1744C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmpBB00.tmp
3/9/2020 - 12:46:31.59Read1744C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmpBB00.tmp
3/9/2020 - 12:46:31.59Read1744C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmpBB00.tmp
3/9/2020 - 12:46:31.59Unknown1744C:\Windows\SysWOW64\schtasks.exeC:\Users\Behemot\AppData\Local\Temp\tmpBB00.tmp
3/9/2020 - 12:46:31.59Open1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.mui
3/9/2020 - 12:46:31.59Unknown1744C:\Windows\SysWOW64\schtasks.exeC:\Windows
3/9/2020 - 12:46:31.59Unknown1744C:\Windows\SysWOW64\schtasks.exeC:\Monitor
3/9/2020 - 12:46:31.59Unknown1744C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\pt-BR\KernelBase.dll.muiKernelBase.dll.mui
3/9/2020 - 12:46:31.122Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpBB00.tmp
3/9/2020 - 12:46:31.122Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Monitor\Files\DeletedFiles
3/9/2020 - 12:46:31.122Delete2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpBB00.tmp
3/9/2020 - 12:46:31.122Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpBB00.tmp
3/9/2020 - 12:46:31.122Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Local\Temp\tmpBB00.tmp
3/9/2020 - 12:46:31.122Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:31.122Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:31.122Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:31.122Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:31.122Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:31.122Read2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:31.122Unknown2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:31.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pf
3/9/2020 - 12:46:31.168Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pfREMCOS.EXE-473216CB.pf
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Prefetch\REMCOS.EXE-473216CB.pfREMCOS.EXE-473216CB.pf
3/9/2020 - 12:46:31.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe\Device\HarddiskVolume2
3/9/2020 - 12:46:31.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users
3/9/2020 - 12:46:31.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot
3/9/2020 - 12:46:31.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData
3/9/2020 - 12:46:31.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming
3/9/2020 - 12:46:31.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos
3/9/2020 - 12:46:31.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows
3/9/2020 - 12:46:31.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly
3/9/2020 - 12:46:31.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32
3/9/2020 - 12:46:31.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib
3/9/2020 - 12:46:31.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089
3/9/2020 - 12:46:31.168Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 12:46:31.168Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 12:46:31.168Read780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 12:46:31.215Open2324C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\ntdll.dll
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pt-BR_b77a5c561934e089
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6f4f738362752c5d3a2c9234d604784d
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c0f9cb97c68eb938bd0b36f7ee90e60f
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\assembly\NativeImages_v2.0.50727_32\System\67c97ffbe01458a63ecb518c7444c1f1
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\pt-BR
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.23407_none_5c02a2f5a011f9be
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 12:46:31.215Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\ntdll.dll
3/9/2020 - 12:46:31.215Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64win.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\wow64cpu.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\kernel32.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\kernel32.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\user32.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ntdll.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\mscoree.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\apisetschema.dllapisetschema.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\KernelBase.dllKernelBase.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\System32\locale.nls
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\advapi32.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msvcrt.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sechost.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\rpcrt4.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\sspicli.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\cryptbase.dllcryptbase.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shlwapi.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\gdi32.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\user32.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\lpk.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\usp10.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\imm32.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\msctf.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\msvcr80.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.configmachine.config
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\shell32.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\ole32.dll
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nls
3/9/2020 - 12:46:31.231Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\Globalization\Sorting\SortDefault.nlsSortDefault.nls
3/9/2020 - 12:46:31.231Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Windows\SysWOW64\profapi.dll
3/9/2020 - 12:47:41.512Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:47:41.512Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:47:51.543Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:47:51.543Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:48:1.575Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:48:1.575Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:48:11.606Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:48:11.606Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:48:21.637Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:48:21.637Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:48:31.668Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:48:31.668Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:48:41.700Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:48:41.700Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:48:51.731Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:48:51.731Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:49:1.762Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:49:1.762Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:49:11.793Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:49:11.793Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:49:21.825Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:49:21.825Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:49:31.856Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:49:31.856Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:49:41.872Open780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat
3/9/2020 - 12:49:41.872Unknown780C:\Users\Behemot\AppData\Roaming\remcos\remcos.exeC:\Users\Behemot\AppData\Roaming\remcos\logs.dat

Process
Trace
3/9/2020 - 12:45:42.606 | Create | 1480 | C:\malware.exe | 1488 | C:\Monitor\proc.exe
3/9/2020 - 12:46:14.809 | Create | 1488 | C:\Monitor\proc.exe | 532 | C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:16.762 | Terminate | 1488 | C:\Monitor\proc.exe | 532 | C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:16.918 | Create | 1488 | C:\Monitor\proc.exe | 972 | C:\Monitor\proc.exe
3/9/2020 - 12:46:17.465 | Terminate | 1480 | C:\malware.exe | 1488 | C:\Monitor\proc.exe
3/9/2020 - 12:46:17.559 | Create | 972 | C:\Monitor\proc.exe | 308 | C:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:17.590 | Terminate | 1488 | C:\Monitor\proc.exe | 972 | C:\Monitor\proc.exe
3/9/2020 - 12:46:19.512 | Create | 308 | C:\Windows\SysWOW64\wscript.exe | 948 | C:\Windows\SysWOW64\cmd.exe
3/9/2020 - 12:46:19.637 | Terminate | 972 | C:\Monitor\proc.exe | 308 | C:\Windows\SysWOW64\wscript.exe
3/9/2020 - 12:46:19.856 | Create | 948 | C:\Windows\SysWOW64\cmd.exe | 2324 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:30.497 | Create | 2324 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | 1744 | C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:31.59 | Terminate | 2324 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | 1744 | C:\Windows\SysWOW64\schtasks.exe
3/9/2020 - 12:46:31.122 | Create | 2324 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:31.293 | Terminate | 948 | C:\Windows\SysWOW64\cmd.exe | 2324 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe
3/9/2020 - 12:46:31.372 | Terminate | 308 | C:\Windows\SysWOW64\wscript.exe | 948 | C:\Windows\SysWOW64\cmd.exe

Analysis
Reason
Timeout

Status
Successfully Executed

Results
1

Registry
Trace
3/9/2020 - 12:46:14.606 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/9/2020 - 12:46:14.606 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/9/2020 - 12:46:14.606 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/9/2020 - 12:46:14.606 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/9/2020 - 12:46:14.606 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/9/2020 - 12:46:14.606 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/9/2020 - 12:46:14.606 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/9/2020 - 12:46:14.606 | Write | 1488 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/9/2020 - 12:46:17.59 | Write | 972 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run | remcos
3/9/2020 - 12:46:17.481 | Write | 972 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/9/2020 - 12:46:17.481 | Write | 972 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/9/2020 - 12:46:17.481 | Write | 972 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/9/2020 - 12:46:17.481 | Write | 972 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/9/2020 - 12:46:17.481 | Write | 972 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/9/2020 - 12:46:17.481 | Write | 972 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/9/2020 - 12:46:17.481 | Write | 972 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/9/2020 - 12:46:17.481 | Write | 972 | C:\Monitor\proc.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/9/2020 - 12:46:19.497 | Write | 308 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/9/2020 - 12:46:19.497 | Write | 308 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/9/2020 - 12:46:19.497 | Write | 308 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/9/2020 - 12:46:19.497 | Write | 308 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/9/2020 - 12:46:19.497 | Write | 308 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/9/2020 - 12:46:19.497 | Write | 308 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/9/2020 - 12:46:19.497 | Write | 308 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/9/2020 - 12:46:19.497 | Write | 308 | C:\Windows\SysWOW64\wscript.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/9/2020 - 12:46:30.481 | Write | 2324 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/9/2020 - 12:46:30.481 | Write | 2324 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/9/2020 - 12:46:30.481 | Write | 2324 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/9/2020 - 12:46:30.481 | Write | 2324 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/9/2020 - 12:46:30.481 | Write | 2324 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass
3/9/2020 - 12:46:30.481 | Write | 2324 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName
3/9/2020 - 12:46:30.481 | Write | 2324 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet
3/9/2020 - 12:46:30.481 | Write | 2324 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | AutoDetect
3/9/2020 - 12:46:31.278 | Write | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Microsoft\Windows\CurrentVersion\Run | remcos
3/9/2020 - 12:46:31.278 | Write | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Remcos-8CPBWM | exepath
3/9/2020 - 12:46:31.278 | Write | 780 | C:\Users\Behemot\AppData\Roaming\remcos\remcos.exe | HKCU\Software\Remcos-8CPBWM | licence

File Summary
Created
Identified: True

Deleted
Identified: True

Process Summary
Created
Identified: True

Deleted
Identified: True

Registry Summary
Proxy
Identified: False

AutoRun
Identified: False

Created
Identified: True

Deleted
Identified: False

Browsers
Identified: False

Internet
Identified: True


DNS
Query
localhost -> gateway:DNS  mmiri1.ddns.net.
localhost -> gateway:50273  mmiri1.ddns.net.

Response
gateway:DNS -> localhost  mmiri1.ddns.net.  0.0.0.0


TCP
Info

UDP
Info
localhost:50273 -> localhost:53
localhost:53 -> localhost:50273

HTTP
Info

Summary
DNS
True

TCP
False

UDP
True

HTTP
False

Results
BINARY
NFS 2.0 (Threshold = 0.8)
confidence: 56.25%
suspicious: True

Decision Tree (NFS-BRMalware)
confidence: 100.00%
suspicious: True

MalConv (Ember: Raw Bytes, Threshold=0.5)
confidence: 96.50%
suspicious: True

Random Forest (100 estimators, NFS-BRMalware)
confidence: 59.00%
suspicious: False

Non-Negative MalConv (Ember: Raw Bytes, Threshold=0.35)
confidence: 47.18%
suspicious: True

LightGBM (Ember: File Characteristics, Threshold=0.8336)
confidence: 27.95%
suspicious: False
